This guest post is courtesy of Brian Foster. Brian spent five years in the IT field as a desktop support tech and supervisor. He is interested in networking, cloud computing and social networking.
The Health Insurance Portability and Accountability Act (HIPAA) sets specific regulations for how health insurance companies and the medical providers they work with manage and store patient information. The goals of cloud backup solutions, and patient confidentiality are difficult to combine, as several road blocks can get in the way of truly going digital with patient information. As healthcare IT moves away from paper records and well into the 21st century with tablets, touch screens and mobile devices, these issues are critical in executing an effective transition with confidential data.
Providing Onsite Data Security
Because so many medical records are stored on electronic devices rather than traditional paper files, the electronic devices themselves need to be protected. Password-protected work stations are standard at any facility that deals with medical records, and many medical facilities have switched to fully electronic recording of data through iPads and other mobile devices rather than transferring information from paper. This eliminates one step that could be a potential data breach, but it also requires an overhaul of systems, which is expensive and outside of the reach of many medical care facilities. In addition, as technology in medical facilities changes, what constitutes as necessary security measures can change. It’s important that hospitals stay one step ahead of the curve.
Protecting Remote Backups
In addition to protecting patient privacy in health records, HIPAA also has provisions for backing up data. The records must have an offsite backup, which ensures that health data will not be lost if the healthcare site is compromised. One potential solution for providing an easy offsite backup, with access from anywhere, is to utilize cloud storage more frequently in healthcare settings. Although people are sometimes concerned about cloud storage because it seems so vague, the security surrounding the data is actually just as sophisticated as storage on a local network. Educating the public about the merits of cloud storage, particularly for healthcare data, will likely make this a more viable option to implement in the future.
Security Training for Employees
Many people work in healthcare who don’t have much awareness about how IT works and how to go about protecting health information stored on computers. Although it’s easy for employees to destroy paper files when needed, permanently deleting electronic records can be difficult. For example, take a doctor who accidentally left an external hard drive in a cab. The doctor had at one point stored patient records on the drive, but he deleted them prior to the loss. Depending on how thoroughly he deleted the records, someone may be able to recover information from the drive, compromising patient confidentiality. Employees need to learn how electronic data security works and how to protect patient data, so another job of the healthcare IT department is to educate staff about data security procedures.
Collaboration as a Path Toward Solutions
The methods IT departments use to store and protect patient data may vary, but the goals are the same. By collaborating with one another, IT professionals can share methods that will benefit the healthcare field as a whole. For example, MIT held a CIO symposium that discussed patient data security in Washington D.C. Professionals gathered for the 2nd International Summit on the Future of Health Privacy to discuss challenges and potential solutions. Developing a centralized offsite backup system for healthcare information with maximum security could be a way to comply more readily with HIPAA, but the trick is developing the security to store and protect the information without any data breaches
